[CLSA-2023:1692295986] Fix CVE(s): CVE-2023-30577, CVE-2022-37705

Type:

security

Severity:

Important

Release date:

2023-08-17 18:13:10 UTC

Description:

   * SECURITY UPDATE: privilege escalation through runtar SUID program
     - debian/patches/CVE-2022-37705.patch: filter tar options
     - CVE-2022-37705
   * SECURITY UPDATE: privilege escalation through runtar SUID program
     - debian/patches/CVE-2023-30577.patch: introduce tar option allow list
     - CVE-2023-30577

Updated packages:

amanda-client_3.3.6-4.1+tuxcare.els1_amd64.deb
sha:668e8ba1ff37559d785e586d6f3756e92a902b46
amanda-common_3.3.6-4.1+tuxcare.els1_amd64.deb
sha:cbacaf5041068fe593fdcca726b0fcecdf720ba8
amanda-server_3.3.6-4.1+tuxcare.els1_amd64.deb
sha:92a1e43bf14a9e996b493703967008401ff731ba

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.